Hackers backed by the Russian government attempted to undermine confidence in the voting process in the period leading up to the 2016 presidential election, but there is no evidence that they manipulated votes or modified voter registration data, according to a brief report published on Tuesday by the Senate Intelligence Committee.
According to the Senate panel, threat actors had attempted to access numerous state election systems and in some cases voter registration databases.
Authorities are confident that Russian threat actors targeted election systems in at least 18 states, and there is some evidence that three other states may have also been hit. These numbers only cover local or state government organizations – attacks on political parties and NGOs are not included.
Several other states reported seeing malicious activity, but investigators have not been able to confidently attribute the incidents to Russia.
Nearly all the targeted states observed attempts to find vulnerabilities in their systems. These scans were often aimed at the website of the Secretary of State and voter registration infrastructure, the Senate panel said in its report.
In at least six states, Russian hackers attempted to breach voting-related websites, and in a small number of cases they were able to gain unauthorized access to election infrastructure components, and even obtained the access necessary for altering or deleting voter registration data. However, it does not appear that they could have manipulated individual votes or aggregate vote totals.
The Russian government is believed to have launched this campaign at least as early as 2014 with the goal of gathering information and discrediting the integrity of the United States’ voting process and election results, senators said.
The Senate panel has admitted that its assessment, as well as the assessments of the DHS and FBI, are based on information provided by the targeted states, and there may be some attacks or breaches that have not been detected.
“While the full scope of Russian activity against the states remains unclear because of collection gaps, the Committee found ample evidence to conclude that the Russian government was developing capabilities to undermine confidence in our election infrastructure, including voter processes,” senators wrote in their report.
“The Committee does not know whether the Russian government-affiliated actors intended to exploit vulnerabilities during the 2016 elections and decided against taking action, or whether they were merely gathering information and testing capabilities for a future attack. Regardless, the Committee believes the activity indicates an intent to go beyond traditional intelligence collection,” they added.